Tagged and untagged VLAN attributes
When you configure a user profile on a RADIUS server to assign a VLAN to an authenticated client, you can use either the VLAN name or VLAN ID (VID) number. For example, if a VLAN configured in the switch has a VID of 100 and is named
vlan100
, you could configure the RADIUS server to use either "100" or "vlan100" to specify the VLAN.
Egress-VLANID: Configures an optional, egress VLAN ID for either tagged or untagged packets (RFC 4675).
Egress-VLAN-Name: Configures an optional, egress VLAN for either tagged or untagged packets when the VLAN ID is not known (RFC 4675).
Tunnel-Type, Tunnel-Medium-Type, and Tunnel-Private-Group-ID: Tunnel attributes that specify an untagged VLAN assignment (RFC 3580).Tunnel (untagged VLAN) attributes may be included in the same RADIUS packet as the Egress-VLANID and Egress-VLAN-Name attributes. These attributes are not mutually exclusive.
The switch processes the VLAN information returned from the remote RADIUS server for each successfully 802.1X-, web-based, and MAC authenticated client (user). The VLAN information is part of the user profile stored in the RADIUS server database and is applied if the VLANs exist on the switch.